You’ll see and read plenty of 2016 year-end recaps and 2017 predictions articles. However, this list of 8 cyber security trends is based on discussions with clients, customers, experiences in the field, and what we’ve learned this past year.

Internet of Horrifying Things

On trend for 2017 is continued research and identification of Internet of Things (IoT) vulnerabilities. Many IoT devices are manufactured cheaply, ship with unalterable default credentials, and have listening ports that can’t be disabled. Toss in a vulnerability or two, add a dash of exploitation, and this is a recipe for disaster worse than when your mum tried to give you a bowl cut haircut.

The problem is, most IoT devices are fully functioning computers, yet they aren’t treated as such by developers and users. While IoT vulnerabilities might not be an issue for your Internet-connected cat box cleaner or your ice maker’s Twitter account, imagine the implications for medical devices or your door locks.

A shift to people as a key security input

For the past decade, companies of all sizes have focused on technology as the cornerstone of their security apparatus. The result has been that there is enough equipment at the network perimeter to sink a cruise ship. Don’t get us wrong: technology is critical to a solid security posture, but without people to configure, manage, leverage, and respond to the chorus of security devices, we have the proverbial “lights are on, but no one’s home” problem. In 2017, the focus will continue to shift away from technology as the primary security input and toward people.

Widening of the skills gap

If you’re like most companies, you’re digging through a minuscule number of candidates hoping to find the cyber equivalent of Katniss Everdeen. Why don’t we have a quarter-quell of qualified contenders? We are in the midst of a cyber skills gap, and data tells us the gap isn’t closing; it’s just getting bigger. And according to data, millennials aren’t the answer, as they are still not flocking to technical degrees or pursuing computer careers despite the high salaries, engaging work opportunities, and attractive amenities.

Ransomware everywhere

Would you like it in a train? Would you like it in the rain? No, I’m not talking about the Dr. Seuss classic Green Eggs and Ham, I’m talking about ransomware. The pervasiveness of ransomware will continue for 2017, and could increase as the cost of delivery remains low and the rewards from success remain high.

A possibility for 2017 is that we might see the first large scale, high-pound object held for ransom (think a car, MRI machine, or aircraft).

Passwords aren’t going anywhere

Passwords are going to be around for a while. For now, they are simply the most cost-effective way to achieve a reasonable level of security. Password managers are all the rage, and rightfully so: a password manager will allow you to create a complex password for each website you visit and will even do you a solid and remember the password for you.

Want to get the most protection out of your password? Transition to a lengthy but simple passphrase. For example, rather than picking something like “Ih8UAD0nna”, go for something like “IreallyhateDRYcake#435”. Picking this password apart, we can clearly see the phrase “I really hate dry cake”, and #435 was the number of times I dropped the dry cake from my roof before the cement cracked. See? Memorable, easy, and effective. How effective, you ask? It would take a computer one octillion years, or a 1 followed by 27 zeros, to crack this password.
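To see where a figure of that size can come from, here is an added example (not part of the original article) that estimates exhaustive-search time for the two passwords above. It assumes an attacker making one billion guesses per second over the 95 printable ASCII characters; both numbers are assumptions, and the model covers brute force only, not dictionary or wordlist guessing, which can be much faster against passphrases built from common words.

```python
import math
import string

# Assumption: attacker speed in guesses per second (not a figure from the article).
ASSUMED_GUESSES_PER_SECOND = 1e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Alphabet size an exhaustive search must cover, by character class used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space character
    if size == 0:
        raise ValueError("empty password or no printable ASCII characters")
    return size


def entropy_bits(password: str) -> float:
    """Brute-force entropy: length * log2(alphabet size)."""
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password: str,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try every string of this length over this alphabet."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The two example passwords quoted in the article.
    for pw in ("Ih8UAD0nna", "IreallyhateDRYcake#435"):
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"{entropy_bits(pw):.1f} bits, {years_to_exhaust(pw):.3g} years")
```

Under these assumptions the short password falls in decades while the 22-character passphrase lands on the order of 10^27 years, so length contributes far more than character substitutions.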

Making cyber great again

President Donald Trump has tossed his hat into the cyber ring by providing his vision for cyber security. On his website, he lays out his concept for the future of cyber security, including a review of critical infrastructure vulnerabilities, creating a joint task force, and development of an offensive capability in an effort to deter attacks.

The President hasn’t said when he’d like to make this wish list happen. With his first 100 days filling up quickly, and cyber resources already strained, this might be a trend that gets kicked to 2018.

DDoS of Death

2016 saw some heinous DDoS attacks. In a botnet arms race fueled by the absence of IoT security, DDoS has become a lethal weapon. Feel like you’re missing out on the action? You can purchase a hefty dose of DDoSing firepower for roughly the price of a full tank of petrol (a small car) or two tickets to the movies.

Like all low-risk, high-reward activities, we prognosticate that DDoS attacks will continue until the compensation/cost dynamics change. According to a study by Arbor Networks, the average DDoS attack is projected to be 1.15 Gbps.

Phishing’s phinale? Phat chance!

Know what the number one attack vector was for 2016? Phishing. Despite companies putting on multiple anti-phishing awareness trainings, installing email screening modules on their mail servers, and businesses emerging to provide phishing simulations and metrics (PhishMe), adversaries are still gaining access to internal networks with just the click of a mouse through phishing.

It’s not looking like 2017 will be the year phishing is dethroned. The problem is that phishing is cheap to implement, the rewards from success are high, and most importantly – it works.

It’s only going to become tougher to navigate the cyber security waters. Learn how we can help your business stay on top of the trends and stay out of the news.
